Software Security

Our research in software security is targeted both at the detection of vulnerabilities in code bases and the creation of methods for the development of secure software. Our overall goal is advance the current state of software development, to provide methodology and tooling, and achieve insight in order to create more secure software.

Capability Models for Secure Software Creation

The efficiency of current software development largely depends on an ecosystem of reuse as existing software components get repurposed for new software. However, these components become part of the data- and control-flow of the resulting application. Furthermore, they become part of the same security context the user endows the program with. Developers automatically vouch for the components they deliver as part of their software.

We develop methods and tools to help developers to make informed decision about software component and help them in avoiding possible security vulnerabilities in software products.

Finding Vulnerabilities through Illicit Data-flows

Vulnerabilities in programs can involve complex data flows which attackers abuse to gain control and access beyond their privilege level. As current programs involve a stack of components (e.g., libraries, frameworks, platforms) these data flows cannot be found easily using manual code reviews.

We develop sound yet scalable static taint analyses which can find vulnerabilities that involve integrity and confidentiality issues at the same time. We are able to execute these analyses on large codebases (e.g., the JDK) within reasonable runtime which allow developers to regularly check their implementations for new vulnerabilities.

Strong Foundations for Static Analyses

Research in software analysis needs a strong foundation. With the OPAL Framework we provide such a foundation. It is a modular framework written in Scala which allows for various analyses of Java Bytecode. We built it with the design goals of easy customizability and reusability as well as performance and scalability.

Its core is a Bytecode toolkit which allows for the analysis of JVM-based programs at various levels of abstraction and the manipulation and generation of Bytecode. Built on top of this toolkit is a framework for abstract interpretation which is highly configurable through Scala's mix-in-composition approach.

We extend OPAL with our latest research results. For instance, we developed new versions of call-graph algorithms which are more sound than the previous state-of-the-art in the context of analyzing software libraries.

Ongoing Research

PEAKS is an acronym for “Platform for the Efficient Analysis and Secure Composition of Software Components”. A fundamental building block in making software engineering more efficient is the reuse of existing components and libraries. Applications are composed of a stack of libraries in conjunction with the respective business code. But as the code of the libraries becomes a part of the control flow of the application, it will run in the same process and thus in the same security context as the main application regardless of the actual need for such a privilege. We aim to build a tool to detect these unnecessary permissions in software libraries and to recommend procedures to limit these privileges or their impact.[more…]

FlowTwist’s primary goal is to develop a highly precise and scalable automated code analysis that is able to detect security vulnerabilities in the Java Runtime Library. The main challenge is that existing techniques are either precise or scale to huge applications, but usually not both. Therefore, new techniques are being developed as part of the project that are not only applicable in the projects specific context, but in general.[more…]

OPAL is a new project to develop an integrated set of tools for analyzing software programs. OAPL aims to support analyses ranging from simple bug detectors to analyses depending on complex control- and data-flow information. As part of OPAL, a runtime environment is implemented that enables the efficient specification and execution of such analyses and which will also be the foundation for a wide range of software engineering tools. OPAL is targeted towards analyzing programs that are executed on top of the Java Virtual Machine. OPAL particularly supports the analysis of programs written in Java like languages.[more…]

Variability Modeling of Cryptographic ComponentsThere is a wide variety of cryptographic components and algorithms (e.g., ciphers, digests, signatures, etc.). Each of these components comes with its own variability. For example, a cipher can be symmetric or asymmetric. If it is symmetric, it can operate on blocks or streams. Additionally, there are different modes of operations (e.g., ECB vs CBC) as well as different padding schemes. In order to deal with this huge variability space, we model cryptographic components using concepts from feature modeling. However, since such components have many attributes and solutions using cryptography may use multiple components at once, we need additional modeling notations than those offered by basic feature modeling.[more…]